package org.sonar.php.checks.security;

import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.checks.utils.argumentmatching.ArgumentVerifierValueContainment;
import org.sonar.php.checks.utils.argumentmatching.FunctionArgumentCheck;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;

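/**
 * Rule S4790: reports PHP calls that use a hash algorithm this check treats as weak.
 *
 * <p>Two shapes of call are reported:
 * <ul>
 *   <li>any call to a function named in {@link #WEAK_HASH_FUNCTIONS} ({@code md5}, {@code sha1}),
 *       reported on the callee;</li>
 *   <li>calls to {@code hash_init}, {@code hash}, {@code hash_pbkdf2} and {@code mhash}, which are
 *       handed to {@code checkArgument} together with a verifier for argument position 0.</li>
 * </ul>
 *
 * <p>The issue message asks the reader to confirm the algorithm is not used in a sensitive
 * context, so a finding is a prompt for review rather than proof of a vulnerability.
 *
 * <p>Coverage caveats for anyone relying on this rule:
 * <ul>
 *   <li>Only the four function names listed above are passed to {@code checkArgument}. Other
 *       entry points of the PHP hash extension (for example {@code hash_file} or
 *       {@code hash_hmac}) are not inspected by this class.</li>
 *   <li>NOTE(review): how the argument value is resolved and compared (literals only or also
 *       constants and variables, case-sensitive or not) is decided by
 *       {@code ArgumentVerifierValueContainment} and {@code FunctionArgumentCheck}, which are not
 *       visible here. Confirm before assuming that {@code hash('MD5', ...)} or an algorithm
 *       passed through a variable is caught.</li>
 * </ul>
 */
@Rule(key = "S4790")
public class CryptographicHashCheck extends FunctionArgumentCheck {
    private static final String MESSAGE = "Make sure this weak hash algorithm is not used in a sensitive context here.";

    /** Function names (already lower-cased by the caller) that are reported whatever their arguments. */
    private static final Set<String> WEAK_HASH_FUNCTIONS = Set.of("md5", "sha1");

    /** Algorithm names reported when found at position 0 of hash_init / hash / hash_pbkdf2. */
    private static final Set<String> WEAK_HASH_ARGUMENTS = Set.of(
        "md2", "md4", "md5", "sha1", "sha224",
        "ripemd128", "ripemd160",
        "haval160,3", "haval192,3", "haval224,3");

    /**
     * Constant names reported when found at position 0 of mhash.
     *
     * <p>Built with plain varargs: wrapping the values in an {@code (Object[])} cast makes
     * {@code Set.of} infer {@code Set<Object>}, which cannot be assigned to {@code Set<String>}.
     */
    private static final Set<String> WEAK_MHASH_ARGUMENTS = Set.of(
        "MHASH_MD2", "MHASH_MD4", "MHASH_MD5",
        "MHASH_RIPEMD128",
        "MHASH_SHA1", "MHASH_SHA192", "MHASH_SHA224",
        "MHASH_HAVAL128", "MHASH_HAVAL160", "MHASH_HAVAL192", "MHASH_HAVAL224");

    // The builder casts are kept as found: the generic signatures of position()/name() are not
    // visible from this file, so dropping them could stop the chain from compiling.
    private static final ArgumentVerifierValueContainment HASH_ARGUMENT_VERIFIER =
        ((ArgumentVerifierValueContainment.ArgumentVerifierValueContainmentBuilder)
            ((ArgumentVerifierValueContainment.ArgumentVerifierValueContainmentBuilder)
                ArgumentVerifierValueContainment.builder().position(0)).name("algo"))
            .values(WEAK_HASH_ARGUMENTS)
            .build();

    private static final ArgumentVerifierValueContainment MHASH_ARGUMENT_VERIFIER =
        ((ArgumentVerifierValueContainment.ArgumentVerifierValueContainmentBuilder)
            ((ArgumentVerifierValueContainment.ArgumentVerifierValueContainmentBuilder)
                ArgumentVerifierValueContainment.builder().position(0)).name("hash"))
            .values(WEAK_MHASH_ARGUMENTS)
            .build();

    /**
     * Inspects one function call after letting the superclass visit it.
     *
     * <p>A call to {@code md5} or {@code sha1} is reported immediately and the argument checks are
     * skipped; every other call is offered to the four argument checks in turn.
     *
     * @param functionCallTree the call being visited
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        super.visitFunctionCall(functionCallTree);

        String functionName = CheckUtils.getLowerCaseFunctionName(functionCallTree);
        // The null guard is required: sets created by Set.of throw on contains(null).
        if (functionName != null && WEAK_HASH_FUNCTIONS.contains(functionName)) {
            createIssue(functionCallTree);
            return;
        }

        checkArgument(functionCallTree, "hash_init", HASH_ARGUMENT_VERIFIER);
        checkArgument(functionCallTree, "hash", HASH_ARGUMENT_VERIFIER);
        checkArgument(functionCallTree, "hash_pbkdf2", HASH_ARGUMENT_VERIFIER);
        checkArgument(functionCallTree, "mhash", MHASH_ARGUMENT_VERIFIER);
    }

    /**
     * Raises the issue on the callee of a call to an inherently weak hash function.
     *
     * @param functionCallTree the {@code md5}/{@code sha1} call to report
     */
    protected void createIssue(FunctionCallTree functionCallTree) {
        context().newIssue(this, functionCallTree.callee(), MESSAGE);
    }

    /**
     * Raises the issue on the given expression.
     *
     * <p>Overrides the hook declared by {@code FunctionArgumentCheck}; presumably invoked by
     * {@code checkArgument} with the matching argument (the call site is not visible here).
     *
     * @param expressionTree the expression to attach the issue to
     */
    @Override // org.sonar.php.checks.utils.argumentmatching.FunctionArgumentCheck
    protected void createIssue(ExpressionTree expressionTree) {
        context().newIssue(this, expressionTree, MESSAGE);
    }
}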
